4:04 p.m.
On Thu, Oct 13, 2016 at 2:45 PM, Simone Tiraboschi <stirabos(a)redhat.com>
wrote:
On Thu, Oct 13, 2016 at 11:23 AM, Piotr Kliczewski <pkliczew(a)redhat.com>
wrote:
> Gianluca,
>
> The port needs to be open on machines where vdsm is installed.
>
> @Simone can you take a look why after running host deploy at 2016-10-03
> 23:28:47,891
> we are not able to talk to vdsm anymore?
>
OK, I'm on it.
>
> Thanks,
> Piotr
>
> On Thu, Oct 13, 2016 at 11:15 AM, Gianluca Cecchi <
> gianluca.cecchi(a)gmail.com> wrote:
>
>>
>>
>> On Thu, Oct 13, 2016 at 11:13 AM, Gianluca Cecchi <
>> gianluca.cecchi(a)gmail.com> wrote:
>>
>>> Il 13/Ott/2016 11:00, "Piotr Kliczewski"
<pkliczew(a)redhat.com> ha
>>> scritto:
>>> >
>>> > Gianluca,
>>> >
>>> > Checking the log it seems that we do not configure firewall:
>>> >
>>> > NETWORK/firewalldEnable=bool:'False'
>>> > NETWORK/iptablesEnable=bool:'False'
>>> >
>>> > Please make sure that you reconfigure your firewall to open 54321
>>> port or let host deploy to do it for you.
>>> >
>>> > Thanks,
>>> > Piotr
>>>
>>> Hi,
>>> at this moment Ihave:
>>> On hypervisor iptables service configured and active.
>>> On engine firewalld service configured and active.
>>> Do I have to open port 54321 on host?
>>>
>> Actually it is already...
>>
>> root@ovirt01 ~]# iptables -L -n
>> Chain INPUT (policy ACCEPT)
>> target prot opt source destination
>> ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53
>> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
>> ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:67
>> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:67
>> ACCEPT all -- 192.168.1.212 0.0.0.0/0
>> ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state
>> RELATED,ESTABLISHED
>> ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
>> ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
>> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
>> dpt:54321
>> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
>> dpt:111
>> ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp
>> dpt:111
>> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
>> ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp
>> dpt:161
>> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
>> dpt:16514
>> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport
>> dports 2223
>> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport
>> dports 5900:6923
>> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport
>> dports 49152:49216
>> REJECT all -- 0.0.0.0/0 0.0.0.0/0
>> reject-with icmp-host-prohibited
>>
>> Chain FORWARD (policy ACCEPT)
>> target prot opt source destination
>> ACCEPT all -- 0.0.0.0/0 192.168.122.0/24 ctstate
>> RELATED,ESTABLISHED
>> ACCEPT all -- 192.168.122.0/24 0.0.0.0/0
>> ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
>> REJECT all -- 0.0.0.0/0 0.0.0.0/0
>> reject-with icmp-port-unreachable
>> REJECT all -- 0.0.0.0/0 0.0.0.0/0
>> reject-with icmp-port-unreachable
>> REJECT all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV
>> match ! --physdev-is-bridged reject-with icmp-host-prohibited
>>
>> Chain OUTPUT (policy ACCEPT)
>> target prot opt source destination
>> ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:68
>> [root@ovirt01 ~]#
>>
>>
>
In the mean time I confirmed that even without ipv6 the situation doesn't
change
global maintenance
stop ovirt-engine service
create no-ipv6.conf under /etc/sysctl.d of engine
systemctl restart network
no more ipv6
shutdown engine
exit from maintenance and after a while engine is powered on
on host
vdsm 6767 vdsm 24u IPv4 15528247 0t0 TCP
*:54321 (LISTEN)
vdsm 6767 vdsm 82u IPv4 15528876 0t0 TCP
ovirt01.mydomain:54321->ovirt.mydomain:52980 (ESTABLISHED)
vdsm 6767 vdsm 110u IPv4 15534849 0t0 TCP
ovirt01.mydomain:54321->ovirt.mydomain:52984 (ESTABLISHED)
on engine now
[root@ovirt host-deploy]# netstat -an|grep 54321
tcp 0 0 192.168.1.212:52984 192.168.1.211:54321
ESTABLISHED
tcp 0 0 192.168.1.212:52980 192.168.1.211:54321
ESTABLISHED
[root@ovirt host-deploy]#
but vdsmd has the same errors. Also restarting vdsmd
Oct 13 14:49:20 ovirt01.mydomain vdsm[6767]: vdsm vds.dispatcher ERROR SSL
error during reading data: unexpected eof
how can I force the creation of the ovirt-host-mgtmt file?
I just see that has been generated this one file
ovirt-host-mgmt-20161013124548-ovirt01.mydomain-null.log
here:
https://drive.google.com/file/d/0BwoPbcrMv8mvbXI3cndGcEtXbWs/view?usp=sha...